Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2929822ybl; Sun, 2 Feb 2020 10:04:34 -0800 (PST) X-Google-Smtp-Source: APXvYqxpyqVQKLh2fVsB5CuIOHJZW3MHBkwxE9Rqer989PepQb+M7lm5qS//QBYQ4N55tcknh9bE X-Received: by 2002:a05:6830:99:: with SMTP id a25mr15631269oto.130.1580666673862; Sun, 02 Feb 2020 10:04:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580666673; cv=none; d=google.com; s=arc-20160816; b=aogVmEz+Rz0AdS6NXjcN/+xjSagQKuRX73HWxe0RreucdRaDET3trstKDPsAnPqjUw 66ijRKGZWSlm3fqC7U3siFiUXkMVhSCVyO8HeGTEWT7/+pzlA26buDoybWeHPi5C8nKg CX8pLoKO0NLO3uF1CbZtn/qTncuB+Zpk8Qf0xrsl/rIedAcnm7WHQfjptLBKe6vgJDdZ Cwy3+n1X+RmL5h7iP5dOTjmhfNrqkHplVBxHmSIeCYfphOtdsuJHkBTXzq9znJtmpAxM nIV8QFHtKXd6LY8TQPBr9fDSPK4pRlgO1TvnASgZkntqP1jui+9Y35Cg4KQadKWAIJMw Y3Mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=QmKWAHIRS574byfrrAo7husLV2hZAgH8s/ZJVLQJI3g=; b=X2q7cskPlYv4RJUzLi4eLwK1v/P/CNuCYXH3X/mnthgPEZcjeB9Zc3oQ4J5T4gPZX8 EhHavTS+pOAjiKMfGsOhtPuGfu75piOBKyzPdkUXjP8RkqDH/lDx3RsQwZEb0IKsVfIi i87Q99hW6nRw76s/VMbDCm7nbn0PYODv43cPV5IrsoqogxxURNGQxuuTM2wwumJESHFt omP/sri3oiTl4HUDmJSQAgoPi+/3zBePF/TIu65H0UTTm70iKlYfkpdcxRWTjComvzRV Je68EonsdzcRzu6MiO0fzUUnZElI8pvrLkFCM7y1Tylm0sYLe6O5Rbx83sJvNlzqeNB2 g04g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=aBsX9Hpe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p1si8421542otk.42.2020.02.02.10.04.21; Sun, 02 Feb 2020 10:04:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=aBsX9Hpe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726934AbgBBSCH (ORCPT + 99 others); Sun, 2 Feb 2020 13:02:07 -0500 Received: from mail-wm1-f65.google.com ([209.85.128.65]:52198 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726885AbgBBSCH (ORCPT ); Sun, 2 Feb 2020 13:02:07 -0500 Received: by mail-wm1-f65.google.com with SMTP id t23so13440017wmi.1 for ; Sun, 02 Feb 2020 10:02:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QmKWAHIRS574byfrrAo7husLV2hZAgH8s/ZJVLQJI3g=; b=aBsX9Hpef1ms4ozqNDTFAQ2tNBdDwTakNV/lcZvRVy1CEWOUikE8PTfJdCCHOXThBy K/uRER0R1Lt9H33e4VLfa/061i21BcHAA/i1SHMT+bzgKNLhJzJnIeEqiMv4ohyEeSdB KU/ZxEKvrF34CjEu8x1Ei+Onktl9sth+4xVk10IeiQ9h6l9NfJxV5toDvXqJozfLwbjl XXfb+0e4ERSlTlDxraoSv8pyQ+ReVlXsBx6Lanult13oOuEWjsJVi/LIQKCJkvGTZWxK aeTcxo3ANAmtAo/zzDopyTAjlxD1rgSYAlyZiiPcu4IWJEK6Hc4m4TkhuR6YdHH8vaLC HSoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QmKWAHIRS574byfrrAo7husLV2hZAgH8s/ZJVLQJI3g=; b=oxuo8R+SPdjKuDhis7C2PqO0nYS82xATiPJ7nTebNeKoaqYEMOCee56JBD4hYBr2ML pZ95wQudYUxCyDD1Cm7Izm5vbcn5DyFyCg/idLgNiEBeEZ/ElMg9O715xAJSj9vtDfTp 4uPq4qzyTVP36LAf8lSOphVneO4tjrfxbsubRdoxir1rdqbbA55VOA13m+meBhvyxa4J zUdM4/ZTRbCZPOtv6PakjHkCU1Vdu3zA3X5C5/oCEApSbng6hVMmiM4PI9vf8+xnmfxj ZQXiNcWdrf5IielCEAH/lRI+ESltbCdMDkqVZH343nvUul9P0wuARcD+peieg22+ww4G R8ZA== X-Gm-Message-State: APjAAAU01nXNYbqknEhFYQy6fu3ItVQa5DKf0el/M2bnCS0dmsiBKpFd WZ9o1egxiQNnyBtOQY/6yox3XyrzqJ63RuOfo2xeqA== X-Received: by 2002:a7b:cc81:: with SMTP id p1mr23729628wma.62.1580666525652; Sun, 02 Feb 2020 10:02:05 -0800 (PST) MIME-Version: 1.0 References: <20200130200440.1796058-1-nivedita@alum.mit.edu> <20200202171353.3736319-1-nivedita@alum.mit.edu> In-Reply-To: <20200202171353.3736319-1-nivedita@alum.mit.edu> From: Ard Biesheuvel Date: Sun, 2 Feb 2020 19:01:27 +0100 Message-ID: Subject: Re: [PATCH v2 0/7] x86/efi,boot: GDT handling cleanup/fixes To: Arvind Sankar Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Ard Biesheuvel , linux-efi , "the arch/x86 maintainers" , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2 Feb 2020 at 18:13, Arvind Sankar wrote: > > This series fixes a potential bug in EFI mixed-mode and leaves GDT > handling to startup_{32,64} instead of efi_main. > > The first patch removes KEEP_SEGMENTS support in loadflags, this is > unused now (details in patch 1 commit msg), to slightly simplify > subsequent changes. > > The second patch fixes a potential bug in EFI mixed-mode, where we are > currently relying on the firmware GDT having a particular layout: a > CODE32 segment as descriptor 2 and a DATA segment as descriptor 3. > > The third patch adds some safety during kernel decompression by updating > the GDTR to point to the copied GDT, rather than the old one which may > have been overwritten. > > The fourth patch adds cld/cli to startup_64, and the fifth patch removes > all the GDT setup from efi_main and adds it to the 32-bit kernel's > startup_32. The 64-bit kernel already does GDT setup. This should be > safer as this code can keep track of where the .data section is moving > and ensure that GDTR is pointing to a clean copy of the GDT. > > The last two patches are to fix an off-by-one in the GDT limit and do a > micro-optimization to the GDT loading instructions. > Thanks Arvind. This looks good to me, Acked-by: Ard Biesheuvel but I'm a bit out of my depth here when it comes to x86'ology so it's really up to the x86 maintainers. > Changes from v1: > - added removal of KEEP_SEGMENTS > - added the mixed-mode fix > - completely removed GDT setup from efi_main, including for the 32-bit > kernel > - dropped documentation patches for now > > Arvind Sankar (7): > x86/boot: Remove KEEP_SEGMENTS support > efi/x86: Don't depend on firmware GDT layout > x86/boot: Reload GDTR after copying to the end of the buffer > x86/boot: Clear direction and interrupt flags in startup_64 > efi/x86: Remove GDT setup from efi_main > x86/boot: GDT limit value should be size - 1 > x86/boot: Micro-optimize GDT loading instructions > > Documentation/x86/boot.rst | 8 +- > arch/x86/boot/compressed/eboot.c | 103 ------------------------ > arch/x86/boot/compressed/efi_thunk_64.S | 29 +++++-- > arch/x86/boot/compressed/head_32.S | 48 +++++++---- > arch/x86/boot/compressed/head_64.S | 66 ++++++++------- > arch/x86/kernel/head_32.S | 6 -- > 6 files changed, 99 insertions(+), 161 deletions(-) > > -- > 2.24.1 >